ITIL® vs.

ISO/IEC 20000:
Similarities and Differences &
Process Mapping

WHITE PAPER

ITIL® is a Registered Trade Mark of AXELOS Limited.

Copyright
Copyright ©2017 Advisera Expert Solutions© 2017
Ltd. Advisera
All rights Expert Solutions Ltd. All rights reserved.
reserved. 1
Table of Contents

Scope of this document...........................................................................................................................3

Basic overview ........................................................................................................................................4
Processes & functions .............................................................................................................................5
Conclusion – Implement ITIL or ISO 20000?.............................................................................................8
Useful resources .....................................................................................................................................8

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 2

Scope of this document
This document is intended for IT Professionals who are deciding on how to implement IT Service
Management in their organization.

It describes similarities and differences between ITIL 2011 and ISO/IEC 20000, briefly describing mapped
processes.

This document is focused on similarities rather than differences between the two, from the aspect of
experience in ITSM implementation in various service organizations.

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 3

Basic overview
ITIL is a best practices framework, regarded in five service lifecycle stages: Strategy, Design, Transition,
Operation and CSI.

ISO/IEC 20000 adopts a PDCA (Plan, Do, Check, Act) Deming lifecycle, similar to other ISO norms. This can
also be observed parallel to a 7-Step CSI improvement process in ITIL CSI. Processes are organized into
groups: Service Delivery, Relationship, Resolution and Control.

Comparison of basic facts

ITIL ISO/IEC 20000

Best Practice Framework International Standard

Best practice guidelines, which provide IT 256 mandatory requirements against which an
professionals with best practices organization can be assessed for effective IT
Service Management processes

26 processes 12 processes

4 functions No functions, process oriented

For individuals. Complex certification path. For IT Service Organizations. Helps preserve
Empowers individual professionals with ITSM knowledge about ITSM processes as an
skills and knowledge. organization’s intellectual property.

Implement any number of processes as needed, ALL 12 processes HAVE to be implemented and
adapts to IT Service org. business needs. audited against the 256 requirements.

Markets which are accustomed to require ITIL Markets which are accustomed to require
certificates in tenders. ISO/IEC 20000 certificates in tenders.

Organizations oriented to best practices Organizations oriented to other ISO Standards:

frameworks (PMI, Prince2, MSF) – mindset of ISO 9001, ISO 27001 – synergy of common
rules adaptable to business needs. requirements and respect for strict rules.

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 4

Processes & functions

Comparison of processes & functions

ITIL
Best Practice Framework
Strategy, Design, CSI
Service Level Management
- Reporting from SLM; Reporting in CSI -
Financial Management
IT Service Continuity Management
Availability Management
Capacity Management
Information Security Management
Design
Supplier Management
Business Relationship Management
Operation
Request Fulfillment, Incident Management
Problem Management
Functions (Service Desk, Op Management, App - No functions in ISO 20k -
Management, Technical Management)
Transition
Service Asset and Configuration Management 9.1 Configuration Management
Change Management
Release and Deployment Management
ISO/IEC 20000
International Standard
6. Service Delivery
6.1 Service Level Management
6.2 Service Reporting
6.4 Budgeting and Accounting for IT Services
6.3 Service Continuity and Availability
Management
Markets which are accustomed to require
ISO/IEC 20000 certificates in tenders.
6.5 Capacity Management
6.6 Information Security Management
7. Relationship Processes
7.2 Supplier Management
7.1 Business Relationship Management
8. Resolution Processes
8.1 Incident and Service Request Management
8.2 Problem Management
9. Control Processes
9.2 Change Management
9.3 Release and Deployment Management

Further into the text, you'll find an explanation of the relationship between ITIL and ISO 20000, for each
group of processes:

Strategy, Design, CSI / 6. Service Delivery

SLM or Service Level Management (6.2) lives both in ITIL Design stage and in ISO20k Service Delivery
process group. It is a mature ITSM process (one of four ITIL key processes), but a very delicate one,
depending on all other Service Delivery processes. ISO20k provides a strict set of 14 requirements
described briefly in a code of practice. For a deep understanding of the process, one needs experience
and knowledge of ITIL processes. For example, one of the requirements is to agree with the customer on

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 5

a catalogue of services containing dependencies between services and service components. This requires
an in-depth knowledge of ITIL; foundations-level knowledge will not suffice here.

6.2 Service Reporting was a distinct process in a CSI book of previous ITIL V3 edition; but, in the new 2011
edition, it was decided that reporting activities are too important for most of the processes in all lifecycle
stages and shouldn’t be dealt with as a single process. So, bits and pieces of Service Reporting can be
found in all processes, like in SLM, and as a METHOD in ITIL CSI book, not a process.

In ISO20000 Service Reporting it has only five requirements, but they are rather demanding, and they all
make sense.

IT Service Continuity Management and Availability Management in ITIL are combined in ISO20k as 6.3
Service Continuity and Availability Management, which makes sense when you implement a strict
auditable process. It is internally divided into three chapters: requirements, plans and monitoring &
testing. Altogether, there are 18 strict requirements.

ITIL Capacity Management is an important process in Service Design. In ISO20k it is described in 6.5 by six
requirements, the one concerning Capacity Plan being the most demanding. ITIL elaborates in detail about
resource, service and business capacity management.

6.4 Budgeting and Accounting for IT Services is parallel to ITIL’s Service Strategy’s Financial Management
process, where, besides Budgeting and Accounting, a Charging procedure is described.

6.6 Information Security Management is one of the most elaborate ISO20k processes. Companies which
have ISO/IEC 27001 Information Security Management System adopted would benefit significantly from
it here. They can simply refer to it for most of the requirements. Careful here, the scope of 20k and 27001
should be at least similar. Business organizations not having an ISMS should put forth much more effort
than the size of ITIL Service Design chapter indicates.

Design / 7. Relationship Processes

7.1 Business Relationship Management and 7.2 Supplier Management are Quality Management System
terms which also appeared in ITIL V3 Service Design in 2005. No news here in 2011 edition.

Operation / 8. Resolution Processes

ITIL’s Request Fulfillment (new in ITIL 3) and Incident Management are combined in ISO20k 8.1 Incident
and Service Request Management. It is definitely a thoroughly elaborated process in the history of ITSM.
Due to its firefighting nature, it is usually the first one to be implemented in a new ITSM organization. IM
is also a key process in ITIL.

Another key process in ITIL is Problem Management. As opposed to Incident Management, PM is a simple
process performed by expensive people. Problem Management in ITIL was rather straightforward, yet
contradictory. What is reactive PM, how is proactive PM done, how is the Problem being identified? These

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 6

are the little things that changed in subsequent ITIL editions. Even in ISO20k we experienced some minor
conceptual changes. Nevertheless, this should be one of the easiest processes to implement, if nine
simple requirements are followed. On the other hand, if adequate attention is given to Problem
Management, it will reward the service organization twofold with all the benefits mentioned in ITIL.

Functions

ITIL V2 had a single Service Desk function (It was called HelpDesk in V1) for ages, and now there are 3
more functions in V3: Operations, Application and Technical management. ISO20k is process oriented; no
functions are defined in it. If a service organization wishes to implement these functions, it has to refer to
ITIL.

Transition / 9. Control Processes

Configuration Management was a key process in ITIL V2. Everything depended on this: do we know what
we have, where it is, how it works and who changed it. Configuration Management provides key info for
all ITSM key processes. There are 14 strict requirements in ISO20k clause 9.1. Any ITSM organization that
has been in the market for a few years has developed a Configuration Management process.

9.2 Change Management: Twenty-four requirements in ISO 20k should indicate the importance of this
process. In a young SM company, diagnostics for most of the incidents starts with “What did you change?”
This is a killer key process in ITIL and it is usually recognized right after the implementation of Incident
Management. A rule of thumb: 80% of incidents are there because of bad Change Management.

Release and Deployment Management. In both former editions, ITIL and ISO20k, it was called Release
Management. To describe it better, “deployment” was appended to a process name. Now we have a
better image of what it is: Physically performing changes after the change process is done. That’s called
deployment. Service Organization has to manage the people, resources and services impacted. One
Change can be done in multiple Releases, and one Release can come from multiple Changes. In practice,
most of the ISO20k auditors will approve combining change and release management process.

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 7

Conclusion – Implement ITIL or
ISO 20000?
The best answer to this would be – implement them together. ISO 20000 can be used for implementation
and measurement of essential high-level processes, while ITIL is perfect for details – it is invaluable when
it comes to developing every step in ITSM processes.

To learn more about similarities and differences see this article: ITIL and ISO 20000: A Comparison.

Useful resources
These online materials will help you with ITIL® and ISO 20000 implementation:

 Here you can download a free preview of the ITIL® & ISO 20000 Premium Documentation
Toolkit – in this free preview; you will be able to see the Table of Contents of each of the
mentioned documented procedures, as well as a few sections from each document.

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 8

 Advisera Expert Solutions Ltd
for electronic business and business consulting
Zavizanska 12, 10000 Zagreb
Croatia, European Union
Email: support@advisera.com
U.S. (international): +1 (646) 759 9933
United Kingdom (international): +44 1502 449001
Toll-Free (U.S. and Canada): 1-888-553-2256
Toll-Free (United Kingdom): 0800 808 5485
Australia: +61 3 4000 0020

Copyright ©2017 Advisera Expert Solutions Ltd. All rights reserved. 9